Lucene search
K

15 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-18132

Malware in sbrugna...

7.8CVSS7.7AI score0.00898EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 3:22 p.m.10 views

CVE-2020-25444

Cross Site Scripting XSS vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the 1 "About Yourself” section under the “My Profile” page, " 2 “Hotel Policy” field under the “Hotel Details” page, 3 “Pricing code” and “name” fields under the “Manage Tour” page, and 4 all t...

5.4CVSS6AI score0.00594EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:22 p.m.7 views

CVE-2020-25445

The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed...

7.8CVSS7.2AI score0.00898EPSS
Exploits0
CNVD
CNVD
added 2021/07/15 12:0 a.m.12 views

Booking Core has an unspecified vulnerability

Booking Core is an application. A Laravel-based booking system designed for travel websites, malls, travel agents, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites.Booking Core has a security vulnerability that stems from the subscription functionality in Ultimate Booking...

7.8CVSS1.3AI score0.00898EPSS
Exploits0References1
NVD
NVD
added 2021/07/14 3:15 p.m.14 views

CVE-2020-25445

The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed...

7.8CVSS0.00898EPSS
Exploits0References1
NVD
NVD
added 2021/07/14 3:15 p.m.17 views

CVE-2020-27379

Cross Site Request Forgery CSRF vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when the request is sent as a GET method. This results in an unauthorized change in the user's email ID, which can later be used to reset the password...

6.5CVSS0.00485EPSS
Exploits0References1
Prion
Prion
added 2021/07/14 3:15 p.m.21 views

Cross site request forgery (csrf)

Cross Site Request Forgery CSRF vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when the request is sent as a GET method. This results in an unauthorized change in the user's email ID, which can later be used to reset the password...

4.3CVSS6.7AI score0.00485EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/07/14 3:15 p.m.11 views

Input validation

The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed...

6.8CVSS7.7AI score0.00898EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/07/14 3:15 p.m.18 views

Cross site scripting

Cross Site Scripting XSS vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the 1 "About Yourself” section under the “My Profile” page, " 2 “Hotel Policy” field under the “Hotel Details” page, 3 “Pricing code” and “name” fields under the “Manage Tour” page, and 4 all t...

3.5CVSS5.3AI score0.00594EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/07/14 2:40 p.m.49 views

CVE-2020-25445

The CVE-2020-25445 entry concerns Booking Core 1.7.0 (Ultimate Booking System) where the Subscribe feature does not sanitize CSV cells, allowing CSV formula injection when a backend admin downloads and opens the generated CSV. The underlying issue is improper input handling in the subscription/ex...

7.8CVSS7.7AI score0.00898EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/07/14 2:38 p.m.44 views

CVE-2020-27379

CVE-2020-27379 affects Booking Core (Ultimate Booking System) Booking Core 1.7.0. The root cause is CSRF token validation failure when requests are sent via GET, allowing unauthorized changes to a user’s email ID. This could enable password resets using the modified email. The available connected...

6.5CVSS6.6AI score0.00485EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/07/14 2:35 p.m.43 views

CVE-2020-25444

CVE-2020-25444 affects Booking Core – Ultimate Booking System (Booking Core) version 1.7.0. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via multiple input points: the My Profile page’s About Yourself section, Hotel Details’ Hotel Policy field, Manage Tour’s Pricing code and...

5.4CVSS5.3AI score0.00594EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/14 2:35 p.m.24 views

CVE-2020-25444

Cross Site Scripting XSS vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the 1 "About Yourself” section under the “My Profile” page, " 2 “Hotel Policy” field under the “Hotel Details” page, 3 “Pricing code” and “name” fields under the “Manage Tour” page, and 4 all t...

5.3AI score0.00594EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/14 12:0 a.m.5 views

Booking Core 跨站请求伪造漏洞

Booking Core is a software application. A Laravel-based booking system designed for travel websites, shopping malls, travel agencies, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites. Booking Core suffers from a cross-site request forgery vulnerability that stems from...

6.5CVSS6.4AI score0.00485EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/14 12:0 a.m.4 views

Booking Core 安全漏洞

Booking Core is an application. A Laravel-based booking system designed for travel websites, malls, travel agents, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites.Booking Core has a security vulnerability that stems from the subscription functionality in Ultimate Booking...

7.8CVSS5.8AI score0.00898EPSS
Exploits0References1
Rows per page
Query Builder